Cyber Security: Looking back at 2018 and Predictions for 2019
Last May, I wrote a blog post detailing some of the 2018 predictions from across the cybersecurity industry and how they’d fared in the first five months of 2018.
Now that the dust has settled, let’s take a look at how well cybersecurity vendors predicted the threat landscape of 2018, and then at the predictions for 2019.
The 2018 Predictions
In 2018, four predictions were echoed across the cybersecurity industry. Let’s see how well artificial intelligence, privacy regulations, the Internet of Things, and ransomware lived up to the hype.
Rise of the Machine
Machine learning and artificial intelligence are in right now, with multiple companies predicting their use both by cyber defenders and hackers.
In our review of 2018 predictions, most organizations felt that hackers would be making heavy use of AI for reconnaissance and the automation of phishing and social engineering attacks.
On the defensive side, machine learning was predicted to be used to help move away from signature-based detection, allowing more zero-day attacks to be detected and prevented.
In reality, the predictions were half right. Machine learning is definitely in use in cybersecurity, but it’s primarily on the defender’s side, with many companies providing AI-based malware scanners and other defensive solutions.
In 2018, we haven’t seen any attacks that take advantage of the capabilities of AI in the ways or at the scale predicted a year ago.
Laying Down the Law
In May 2018, the European Union’s General Data Privacy Regulation went into effect. This regulation detailed how organizations should use and protect the personal data of EU citizens.
With the new regulation, it was predicted that most companies would not be prepared to handle their compliance needs and that new GDPR-focused solutions and services would be available.
Also, many of the predictions expected to see a push by consumers for similar privacy laws for those not protected by GDPR.
Like the previous prediction, this one is half right. Organizations were largely unprepared for GDPR (as demonstrated by several major data breaches in 2018), and some companies have begun offering GDPR compliance-as-a-service solutions.
However, the prediction that the GDPR regulation would spur consumers to demand similar regulations in the US did not bear fruit.
Safe at Home
In 2018, attacks on Internet of Things devices were predicted to continue and even increase. IoT devices are known to have laughably poor security and are commonly deployed by consumers with limited security know-how.
As a result, they are easy targets for hackers who want to use their computing power for nefarious purposes.
Predicting attacks on IoT devices was a safe bet for cybersecurity vendors. IoT devices were a chronic security problem before 2018, and there has been little or no movement among the IoT industry to fix this problem.
Attacks on IoT devices rose in 2018 and will probably continue to do so in 2019 unless something major changes.
Lock It Up
The final 2018 prediction that we explored in May regarded the ransomware threat. In 2018, ransomware was expected to continue growing and become more sophisticated and targeted, attacking critical infrastructure and the Internet of Things.
Surprisingly, 2018 was the Year of Cryptomining rather than stealing 2017’s title as the Year of Ransomware. In 2018, many cybercriminals realized that you only make money with ransomware if users pay the ransom, while cryptominers can turn a profit as long as they’re allowed to run.
While ransomware did become more sophisticated in 2018, it paled in comparison to cryptominers’ 4,000% growth in 2018.
How’d They Do?
In 2018, we reviewed four of the most common predictions made by cybersecurity vendors for the coming year. Of these predictions, two were half right, one was totally right, and one was completely wrong.
When analyzing cybersecurity predictions, there are a lot of crazy ideas and a few things that are consistent across the industry. After reviewing multiple articles, there are six 2019 cybersecurity predictions that stand out from the rest:
- Increased usage of artificial intelligence for reconnaissance and social engineering
- Targeting of IoT devices for use in botnets and more sophisticated attacks
- First company hit with maximum GDPR penalty (4% of global turnover)
- New privacy regulations driven by consumer demands (especially in the US)
- Attackers will target the supply chain using malicious updates to legitimate software
- Cryptojacking malware will rise or fall (we’re not sure which but it’ll certainly do something)
Deja vu, right? Last year, we reported on cyber security predictions about the use of AI in social engineering, targeting the Internet of Things, and privacy regulations (especially around GDPR).
In 2019, the predictions landscape looks a lot like 2018 except that we’ve traded ransomware for supply chain and cryptojacking attacks.
What Do We Know Anyway?
Predictions about the cybersecurity threat landscape for the coming year should always be taken with a grain of salt.
There are always a few perennial problems that show up in predictions year after year, and there will be something that happens that no one sees coming.
Despite everything, phishing and social engineering remain the top threats that we see year after year.
Focusing your cybersecurity efforts on providing good cybersecurity training to your employees is always a winner and decreases the chances that your name will show up in our 2019 Year in Review post.